<?php

date_default_timezone_set('Asia/Shanghai');


$log_time = date("Y-m-d G:i:s");
$handle = fopen("attack.txt", "a+");   //打开文件

header('Content-type:text/html;charset=utf-8');
$xss = "<script>alert('xss')</script>";
$sql = "1' or '1' = '1";

$xssurl = 'http://www.360college.com/news.php?id='.$xss;
$sqlurl = 'http://www.360college.com/news.php?id='.$sql;

$xssreg = '/.*id=<script>.*/';
$sqlreg = '/.*id=.*[and,or,union].*/';
preg_match($xssurl,$xssreg,$outxss);
if ($outxss)
{
    echo '本次攻击为xss';
    fwrite('本次攻击为xss'."\r\n退出时间：".$log_time);    //写入内容
}

preg_match($sqlurl,$sqlreg,$outsql);
if ($outsql)
{
    echo '本次攻击为sql';
    fwrite('本次攻击为sql'."\r\n退出时间：".$log_time);    //写入内容
}

fclose($handle);
?>